CVE-2019-6675 Information

Description

BIG-IP configurations using Active Directory LDAP or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. This can result in a complete compromise of the system. This issue only impacts specific engineering hotfixes using the aforementioned authentication configuration. NOTE: This vulnerability does not affect any of the BIG-IP major minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.3.0.79.6-ENG.iso Hotfix-BIGIP-14.1.0.3.0.97.6-ENG.iso Hotfix-BIGIP-14.1.0.3.0.99.6-ENG.iso Hotfix-BIGIP-14.1.0.5.0.15.5-ENG.iso Hotfix-BIGIP-14.1.0.5.0.36.5-ENG.iso Hotfix-BIGIP-14.1.0.5.0.40.5-ENG.iso Hotfix-BIGIP-14.1.0.6.0.11.9-ENG.iso Hotfix-BIGIP-14.1.0.6.0.14.9-ENG.iso Hotfix-BIGIP-14.1.0.6.0.68.9-ENG.iso Hotfix-BIGIP-14.1.0.6.0.70.9-ENG.iso Hotfix-BIGIP-14.1.2.0.11.37-ENG.iso Hotfix-BIGIP-14.1.2.0.18.37-ENG.iso Hotfix-BIGIP-14.1.2.0.32.37-ENG.iso Hotfix-BIGIP-14.1.2.1.0.46.4-ENG.iso Hotfix-BIGIP-14.1.2.1.0.14.4-ENG.iso Hotfix-BIGIP-14.1.2.1.0.16.4-ENG.iso Hotfix-BIGIP-14.1.2.1.0.34.4-ENG.iso Hotfix-BIGIP-14.1.2.1.0.97.4-ENG.iso Hotfix-BIGIP-14.1.2.1.0.99.4-ENG.iso Hotfix-BIGIP-14.1.2.1.0.105.4-ENG.iso Hotfix-BIGIP-14.1.2.1.0.111.4-ENG.iso Hotfix-BIGIP-14.1.2.1.0.115.4-ENG.iso Hotfix-BIGIP-14.1.2.1.0.122.4-ENG.iso Hotfix-BIGIP-15.0.1.0.33.11-ENG.iso Hotfix-BIGIP-15.0.1.0.48.11-ENG.iso

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://support.f5.com/csp/article/K55655944 https://support.f5.com/csp/article/K55655944?utm_source=f5support&utm_medium=RSS

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8